AOL.com has been forced to batten down the hatches at its ad platform after discovering that it was inadvertently serving malicious ads on some versions of the news site Huffington Post.
Online security specialist Cyphort alerted AOL to the issue after seeing malicious ads served on the American and Canadian sites; it is not thought to have affected the UK version.
The ads, which first ran in October, redirected users to other sites that attacked their computers and tried to install malware, according to a blog post from Cyphort.
The firm’s director of security research Nick Bilogorskiy said attackers submit ads to an ad platform but wait until the ad has been apporved before unleasing the malicious payload.
“The ad networks get millions of ads submitted to them, and any one of them could be malvertising,” he wrote. Advertising platforms “try to detect and filter malicious ads from their systems, but it is challenging.
“The potential damage is high, as ad networks have a very deep reach and can infect many people quickly.”
In January last year, up to 27,000 people an hour were infected by malicious ads served by Yahoo, which drove users to a raft of dodgy websites including funnyboobsonline.org and yagerass.com.
Yahoo scam hits 27,000 an hour
The naked truth about online data
Apple blames customers for breach
Breaches ‘everyday occurrences’
Half of eBay users now wary
Marketers shoulder hacking costs
Cyber gang banged up for 30 years
Gang held in Santander hack scam
Only 2% of cops can fight e-crime
Cops ‘don’t care about cyber-crime’
Staffer held over Morrisons breach
Hackers ‘get ugly’ with mega attack